连接.sdf文件时出错?它显示 - “解析查询时出错”。 [英] Having error while connecting with .sdf file? It shows- "There was an error parsing the query".
本文介绍了连接.sdf文件时出错?它显示 - “解析查询时出错”。的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
错误是这样的
Error is like this
"There was an error parsing the query. [Token line number=1, Token line offset=23,Token in error=user]"
private void testconnection()
{
SqlCeCommand cmd = new SqlCeCommand();
SqlCeDataReader dr;
string strConnection = ConfigurationManager.ConnectionStrings["WindowsFormsApplication2.Properties.Settings.Database1ConnectionString"].ConnectionString;
using (var conn = new SqlCeConnection(string.Format("Data Source=c:\\users\\despot\\documents\\visual studio 2010\\Projects\\WindowsFormsApplication2\\WindowsFormsApplication2\\Database1.sdf", strConnection)))
{
conn.Open();
try
{
cmd.CommandText="select user from login where user='"+ textBox1.Text +"' and pass='"+ textBox2.Text +"';";;
cmd.Connection = conn;
dr = cmd.ExecuteReader();
dr.Read();
if (dr.Read()==true) // Should be if (dr.Read())
{
label1.Text="Pass";
}
else
{
label1.Text="Fail";
}
}
catch (SqlCeException err)
{
MessageBox.Show(err.Message);
}
finally
{
// No need for this when <code>using</code> is used.
if (conn.State == ConnectionState.Open) conn.Close();
}
}
}
推荐答案
因为你没有显示文字的价值框或结果SQL查询不容易给你一个出错的答案。
但是,你应该查看参数化查询。
使用带有直接用户输入的串联查询可以插入恶意SQL命令,并且更容易出错,正如您刚刚证明的那样。
查看MSDN和 SqlCommand。参数属性 [ ^ ]
As you don't show the value of your text boxes or the resulting SQL query it is not easy to give you an answer of what is going wrong.
However, you should look into parameterized queries instead.
Using concatenated queries with direct user input opens up for malicious SQL commands to be inserted and it is also more error prone, as you have just proved.
Have a look at MSDN and SqlCommand.Parameters Property[^]
这篇关于连接.sdf文件时出错?它显示 - “解析查询时出错”。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
